CISCO-5795 

VERSION WITH MARKINGS TO SHOW CHANGES MADE 

IN THE CLAIMS 
Claims 1-42 have been amended as follows: 

1. (Once Amended) A method for single-step subscriber logon to a differentiated data 
communications network including a first domain and a second domain, said method 
comprising: 

[negotiating for the] communicating via a network interface with a host, wherein said 
communicating comprises a transport of multi-protocol data packets over a point-to-point 
communication link between the host and [a] the network interface; 

identifying a source address for [a] the host; and 

authorizing [said] the host to access said first domain and said second domain based upon 
login information obtained from [said subscriber] the host . 

2. (Once Amended) The method of claim 1 further comprising: 
authenticating said subscriber based upon login information obtained from [said 

subscriber] the host , 

3. (Once Amended) The method of claim 2 wherein said authenticating is accomplished 
using Link Control Protocol (LCP) . 

4. (Once Amended) The method of claim 1 wherein said identifying [a source address] 
is accomplished using Internet Protocol Control Protocol (IPCP). 
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5. (Once Amended) The method of claim 1 wherein said identifying [a source address] 
further comprises: 

assigning an Internet Protocol address to [said subscriber] the host from a pool of 
addresses located in a memory., 

6. (Once Amended) The method of claim 1 wherein said identifying [a source address] 
further comprises: 

assigning an Internet Protocol address to [said subscriber] the host from an authentication 
reply packet received from an authentication server. 

7. (Once Amended) The method of claim 1 wherein said communicating [negotiating 
for the transport of multi-protocol data packets] is accomplished using Point-to-Point Protocol 
(PPP). 

8. (Once Amended) The method of claim 1 wherein said authorizing [said subscriber to 
access said first domain and said second domain] further comprises: 

writing said login information into a memory. 

9. (Once Amended) A method for single-step subscriber logon to a differentiated data 
communications network including a first domain and a second domain, said method 
comprising: 

authenticating in a network interface a [subscriber] host based upon login information 
obtained from [said subscriber] the host ; 
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[negotiating for the] communicating via the network interface with the host, wherein said 
communicating comprises a transport of multi-protocol data packets over a point-to-point link 
existing between the [subscriber's] host and [a] the network interface; 

identifying a source address for [said subscriber] the host ; 

writing said login information into a memory; and 

authorizing [said subscriber] the host to access said first domain and said second domain 
based upon said login information [obtained from said subscriber]. 

10. (Once Amended) A method for single-step subscriber logon to a differentiated data 
communication network including same-session access capabilities to a first domain and a 
second domain, said method comprising: 

[negotiating for the] communicating via a network interface with a host, wherein said 
communicating comprises a transport of multi-protocol data packets over a point-to-point 
communication link between the [subscriber's] host and [a] the network interface; 

identifying a source address for [a subscriber] the host ; and 

authorizing [said subscriber] the host to access said first domain and said second domain 
based upon login information obtained from [said subscriber] the host . 

11. (Once Amended) The method of claim 10 further comprising: 
authenticating [said subscriber] the host based upon login information obtained from 

[said subscriber] the host . 

12. (Once Amended) The method of claim 11 wherein said authenticating is 
accomplished using Link Control Protocol (LCP) . 
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13. (Once Amended) The method of claim 10 wherein said identifying [a source 
address] is accomplished using Internet Protocol Control Protocol (IPCP). 

14. (Once Amended) The method of claim 10 wherein said identifying [a source 
address] further comprises: 

assigning an Internet Protocol address to [said subscriber] the host from a pool of 
addresses located in a memory. 

15. (Once Amended) The method of claim 10 wherein said identifying [a source 
address] further comprises: 

assigning an Internet Protocol address to [said subscriber] the host from an authentication 
reply packet received from an authentication server. 

16. (Once Amended) The method of claim 10 wherein said communicating [negotiating 
for the transport of multi-protocol data packets] is accomplished using Point-to-Point Protocol 
(PPP). 

17. (Once Amended) The method of claim 10 wherein said authorizing [said subscriber 
to access said first domain and said second domain] further comprises: 

writing said login information into a memory. 
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18. (Once Amended) A method for single-step subscriber logon to a differentiated data 
communication network including same-session access capabilities to a first domain and a 
second domain, said method comprising: 

authenticating a [subscriber] host based upon login information obtained from [said 
subscriber] the host ; 

[negotiating for the] communicating via a network interface with the host, wherein said 
communicating comprises a transport of multi-protocol data packets over a point-to-point link 
existing between the [subscriber's] host and [a] the network interface; 

identifying a source address for [said subscriber] the host ; 

writing said login information into a memory; and 

authorizing [said subscriber] the host to access said first domain and said second domain 
based upon said login information [obtained from said subscriber]. 

19. (Once Amended) A method for single-step subscriber logon of a host to a 
differentiated data communication network having access to a first domain and a second domain 
comprising: 

receiving login information from [the subscriber] said host : 
authenticating said [subscriber] host based upon said login information; 
storing said login information in a memory; 

notifying [the subscriber's] said host once a successful authentication process has been 
completed; 

[negotiating] initiating an address allocation negotiation session [with said host]; 
assigning a source address to said host; 
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[negotiating for the] communicating via a network interface with said host, wherein said 
communicating comprises a transport of multi-protocol data packets over a point-to-point link 
existing between said host and [a] said network interface; and 

writing a subscriber-related entry into the memory based upon said source address and 
said login information. 

20. (Once Amended) The method of claim 19 wherein said authenticating [act] further 
comprises: 

processing an authentication request packet based upon said login information; 
sending said authentication request packet to an authentication memory bank; and 
receiving [an access accept] a reply packet from said authentication memory bank. 

21. (Once Amended) The method of claim 20 wherein said sending [said authentication 
request packet] further comprises: 

sending said authentication [reply] request packet via a Remote Access Dial-In User 
Service (RADIUS) protocol communication link. 

22. (Once Amended) The method of claim [19] 20 wherein said writing further 
comprises: 

writing said subscriber-related entry into [a] the memory based upon configuration 
information in said [access accept] reply packet from said authentication memory bank . 

23. (Once Amended) The method of claim 19 wherein said [subscriber] login 
information [further comprises] comprises [the] a user name and a user authenticator. 
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24. (Once Amended) The method of claim 19 wherein said receiving [login information 
obtained from said subscriber] further comprises: 

receiving login information using a Link Central Protocol (LCP) communication link. 

25. (Once Amended) The method of claim 19 wherein said [negotiating an address 
allocation session] initiating further comprises: 

[negotiating an address allocation session using] utilizing an Internet Protocol Control 
Protocol (DPCP) communication link. 

26. (Once Amended) The method of claim 19 wherein said assigning [a source address] 
further comprises: 

retrieving a subscriber Internet Protocol address from a pool of addresses located in the 
memory. 

27. (Once Amended) The method of claim 19 wherein said assigning [a source address] 
further comprises: 

retrieving a subscriber Internet Protocol address from an access accept reply packet 
received from an authentication server. 

28. (Once Amended) The method of claim 19 wherein said communicating [negotiating 
for transport of multi-protocol data packets] further comprises: 

[negotiating] utilizing a Point-to-Point Protocol session between said host and said 
network interface. 
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29. (Once Amended) An apparatus for single step logon of a host to a differentiated data 
communication network having the capacity to create same-session open channels to a first 
domain and a second [domains] domain , the apparatus comprising: 

[a] means for [negotiating for the] communicating via a network interface with a host, 
wherein said communicating comprises a transport of multi-protocol data packets over a point- 
to-point communication link existing between the [subscriber's] host and [a] the network 
interface; 

[a] means for identifying a source address for [a subscriber] the host ; and 
[a] means for authorizing [said subscriber] the host to access said first domain and said 
second domain based upon login information obtained from [said subscriber] the host , 

30. (Once Amended) The apparatus of claim 29 further comprising: 

[a] means for authenticating [said subscriber] the host based upon login information 
obtained from [said subscriber] the host . 

31. (Once Amended) The apparatus of claim 29 wherein [a] said means for [negotiating 
for the transport of multi-protocol data packets] communicating further comprises: 

[a] means for [negotiating] communicating between the host and the network interface 
using a Point-to-Point Protocol session [between said host and said network interface]. 

32. (Once Amended) The apparatus of claim 29 wherein [a] said means for authorizing 
[said subscriber to access said first domain and said second domain] further comprises: 

[a] means for writing said login information into a memory. 
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33. (Once Amended) An apparatus for single-step subscriber logon of a host to a 
differentiated data communication network having access to a first domain and a second domain 
comprising: 

[a] means for receiving login information from [the subscriber] said host ; 

[a] means for authenticating said [subscriber] host based upon said login information; 

[a] means for storing said login information in a memory; 

[a] means for notifying [the subscriber's] said host once a successful authentication 
process has been completed; 

[a] means for [negotiating] initiating an address allocation negotiation session [with said 

host]; 

[a] means for assigning a source address to said host; 

[a] means for [negotiating for the] communicating via a network interface with said host, 
wherein said communicating comprises a transport of multi-protocol data packets over a point- 
to-point link existing between said host and [a] said network interface; and 

[a] means for writing a subscriber-related entry into the memory based upon said source 
address and said login information. 

34. (Once Amended) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for single- 
step subscriber logon to a differentiated data communications network including a first domain 
and a second domain, said method comprising: 
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[negotiating for the] communicating via a network interface with a host, wherein said 
communicating comprises a transport of multi-protocol data packets over a point-to-point 
communication link between the host and [a] the network interface; 

identifying a source address for [a] the host; and 

authorizing [said] the host to access said first domain and said second domain based upon 
login information obtained from [said subscriber] the host . 

35. (Once Amended) The program storage device of claim 34 wherein said method 
further [comprising] comprises : 

authenticating [said subscriber] the host based upon login information obtained from 
[said subscriber] the host . 

36. (Once Amended) The program storage device of claim 34 wherein said authorizing 
[said subscriber to access said first domain and said second domain] further comprises: 

writing said login information into a memory. 

37. (Once Amended) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for single- 
step subscriber logon to a differentiated data communication network including secure 
simultaneous access capabilities to a first domain and a second domain, said method comprising: 

[negotiating for the] communicating via a network interface with a host, wherein said 
communicating comprises a transport of multi -protocol data packets over a point-to-point 
communication link between the [subscriber's] host and [a] the network interface; 

identifying a source address for [a subscriber] the host : and 
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authorizing [said subscriber] the host to access said first domain and said second domain 
based upon login information obtained from [said subscriber] the host . 

38. (Once Amended) The program storage device of claim 37 wherein said method 
further [comprising] comprises : 

authenticating [said subscriber] the host based upon login information obtained from 
[said subscriber] the host . 

39. (Once Amended) The program storage device of claim 37 wherein said method 
further [comprising] comprises : 

writing said login information into a memory. 

40. (Once Amended) A [apparatus] gateway for single-step subscriber logon of a host to 
a differentiated data communication network having access to a first domain and a second 
domain , the gateway comprising: 

a multi-protocol point-to-point link [negotiator capable of] device for establishing a 
communication link for the transport of multi-protocol data packets between [said] the host and 
the gateway [a network interface]; 

a source address device for obtaining a source address for the host: and 

an authentication processor for authorizing the host to access the first domain and the 
second domain based upon login information obtained from the host. 

[an IP source address negotiator capable of defining a source address for a host, said IP 
source address negotiator in communication with said host; and 
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a registration memory in communication with said authentication processor and said 
source address negotiator device for tabulating subscriber identification information and said 
source address.] 

41. (Once Amended) The [apparatus of] gateway as defined in claim [30 further 
comprising:] 40, wherein [an] the authentication processor [capable of authenticating said 
subscriber] authenticates the host based upon the login information [said authentication 
processor in communication with said host]. 

42. (Once Amended) An apparatus for single-step subscriber logon of a host to a 
differentiated data communication network having access to a first domain and a second domain^ 
the apparatus comprising: 

a multi-protocol point-to-point link [negotiator] device in communication with [said] the 
host for establishing a communication link; 

[an authentication processor in communication with said host for receiving login 
information from said host and for authenticating said subscriber; 

a notifier in communication with said authentication processor and said host for notifying 
said host of authentication status;] 

a source address [negotiator] device in communication with [said] the host for negotiating 
a dynamic [IP] Internet Protocol (IP) address; and 

[a registration memory in communication with said authentication processor and said 
source address negotiator for tabulating said login information and said source address.] 

an authentication processor for authorizing the host to access the first domain and the 
second domain based upon login information obtained from the host. 
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Claims 43-55 have been added as follows: 

43. (New) The apparatus as defined in claim 42, wherein the authentication processor 
receives the login information from the host and authenticates the host. 

44. (New) The apparatus as defined in claim 42, further comprising a notifier in 
communication with the authentication processor and the host for notifying the host of an 
authentication status. 

45. (New) The apparatus as defined in claim 42, further comprising a registration 
memory in communication with the authentication processor and the source address device for 
tabulating the login information and the dynamic IP address. 

46. (New) The gateway as defined in claim 40, further comprising a notification device 
in communication with the authentication processor and the host for sending the host an 
authentication status. 

47. (New) The gateway as defined in claim 40, further comprising a registration 
memory in communication with the authentication processor and the source address device for 
tabulating the login information and the source address. 

48. (New) An apparatus for single-step subscriber logon to a differentiated data 
communications network including a first domain and a second domain, the apparatus 
comprising: 
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means for communicating via a network interface with a host, wherein the 
communicating comprises a transport of multi-protocol data packets over a point-to-point 
communication link between the host and the network interface; 

means for identifying a source address for the host; and 

means for authorizing the host to access the first domain and the second domain based 
upon login information obtained from the host. 

49. (New) The apparatus as defined in claim 48, further comprising means for 
authenticating the host based upon login information obtained from the host. 

50. (New) The apparatus as defined in claim 48, wherein the means for identifying 
further comprises means for assigning an Internet Protocol address to the host from a pool of 
addresses located in a memory. 

51. (New) The apparatus as defined in claim 48, wherein the means for identifying 
further comprises means for assigning an Internet Protocol address to the host from an 
authentication reply packet received from an authentication server. 

52. (New) A program storage device readable by a machine, tangibly embodying a 
program of instructions executable by the machine to perform a method for single-step 
subscriber logon of a host to a differentiated data communication network having access to a first 
domain and a second domain, the method comprising: 

receiving login information from the host; 
authenticating the host based upon the login information; 
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storing the login information in a memory; 

notifying the host once a successful authentication process has been completed; 
initiating an address allocation negotiation session; 
assigning a source address to the host; 

communicating via a network interface with the host, wherein the communicating 
comprises a transport of multi-protocol data packets over a point-to-point link existing between 
the host and the network interface; and 

writing a subscriber-related entry into the memory based upon the source address and the 
login information. 

53. (New) The program storage device as defined in claim 52, wherein the 
authenticating further comprises: 

processing an authentication request packet based upon the login information; 
sending the authentication request packet to an authentication memory bank; and 
receiving a reply packet from the authentication memory bank. 

54. (New) The program storage device as defined in claim 52, wherein the assigning 
further comprises: 

retrieving a subscriber Internet Protocol address from a pool of addresses located in the 
memory. 

55. (New) The program storage device as defined in claim 52, wherein the assigning 
further comprises: 
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retrieving a subscriber Internet Protocol address from an access accept reply packet 
received from an authentication server. 
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